Password Security - Telnet, ANSI Codes

I’m looking for the ANSI escape codes for password masking to send from the server to a telnet client.

I’ve looked around quite a bit and I’m either not sending a sequence correctly or I don’t have the correct codes.

I have full color support and some special characters, just looking for the password masking functionality.

For my color, this works like a charm after replacing in-game color codes {w, {y, etc with numerical designations:

Function AnsiColor(Color As Integer) As String
    'Reference
    'ANSI equivalent Description
    '[ 3 0 m Set foreground to color #0 - black
    '[ 3 1 m Set foreground to color #1 - red
    '[ 3 2 m Set foreground to color #2 - green
    '[ 3 3 m Set foreground to color #3 - yellow
    '[ 3 4 m Set foreground to color #4 - blue
    '[ 3 5 m Set foreground to color #5 - magenta
    '[ 3 6 m Set foreground to color #6 - cyan
    '[ 3 7 m Set foreground to color #7 - white

    Select Case Color
        Case Is <= 7
            AnsiColor = Chr(27) & "[0m" & Chr(27) & "[3" & Color & "m"
        Case Is >= 8
            AnsiColor = Chr(27) & "[1m" & Chr(27) & "[3" & Color - 8 & "m"
    End Select

End Function

Not quite sure what you are trying to pull off here, but passwordless accounts are all the rage these days. For Slice&Dice Dungeon I have QR code based login ( telnet mud.sndd.io ); you would just scan the QR code with your mobile device and it logs you in securely over an insecure communication channel such as telnet.

When you type in your password instead of a local echo showing your password, it’s suppressed.

Ah yes, there’s a telnet sequence for disabling echo.

The byte sequences are:

For turning echo off: IAC WILL TELOPT_ECHO (0xff 0xfb 0x01)
For turning echo on: IAC WONT TELOPT_ECHO (0xff 0xfc 0x01)

Look in <arpa/telnet.h> for the definitions.

… and really, you shouldn’t be sending those sequences unless you’re sure you’re talking to something that speaks the telnet protocol, you have negotiated that the partner capability exists, and your partner is operating in line mode / local echo mode in the first place.

I’m open to suggestions then on hiding a password client-side, but requested by the server.

I’ve browsed some iterations of the telnet.h files and seen suppress messages during the password sequence (in other files), though I’m assuming that’s after a protocol is established?

It’s not the most urgent function, just figured eventually the passwords should be masked locally, and prevent log posts from accidentally showing a password when shared.

If you are really expecting telnet clients to connect to your server, and not some raw TCP socket, then the right thing to do is to use the protocol to detect / negotiate the echo mode. If the client is doing local echo (as in line mode) then you can use those telnet sequences to tell it to stop locally echoing when you are prompting for a password. If your server is handling the echo for the client partner (non-local echo), then you don’t have to send anything - simply don’t echo back any characters when you know a password is being entered.

The code is as raw as it gets!

Definitely not sending the echo to the client, so it’s client side. I use MushClient and a Cell Phone app for variety.

Meh. I can’t speak to MushClient, but ANSI terminal support and TELNET option processing are pretty hit-or-miss in most mud client software. You can usually expect the color commands to work, but few if any of the cursor movement commands will. You can usually expect the IAC WILL/WONT TELOPT_ECHO commands to kind of work too even without running the telnet protocol negotiation. I guess I’d say try sending them down the socket and see what happens.
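Added example, not part of the original thread and not any poster's code: a C sketch of the server side of the echo exchange discussed above. After sending IAC WILL TELOPT_ECHO, the server has to strip telnet commands out of what the client sends back, so that negotiation bytes never end up in the password, and note whether the client agreed (IAC DO ECHO) or refused (IAC DONT ECHO) to stop local echo. The names `telnet_filter`, `echo_reply`, `ECHO_OFF` and `ECHO_ON` are hypothetical, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <arpa/telnet.h>   /* IAC, WILL, WONT, DO, DONT, SB, SE, TELOPT_ECHO */

/* The two byte sequences quoted in the thread. */
const unsigned char ECHO_OFF[3] = { IAC, WILL, TELOPT_ECHO };  /* ff fb 01 */
const unsigned char ECHO_ON[3]  = { IAC, WONT, TELOPT_ECHO };  /* ff fc 01 */

enum echo_reply { ECHO_NO_REPLY, ECHO_ACCEPTED, ECHO_REFUSED };

/* Copy user data from in[] to out[], dropping telnet commands. Sets *reply
 * when the client answers our WILL ECHO. Returns the number of data bytes.
 * A truncated command ends parsing; a real server would keep that tail. */
size_t telnet_filter(const unsigned char *in, size_t n,
                     unsigned char *out, size_t cap, enum echo_reply *reply)
{
    size_t i = 0, w = 0;
    while (i < n) {
        if (in[i] != IAC) {                 /* ordinary data byte */
            if (w < cap) out[w++] = in[i];
            i++;
            continue;
        }
        if (i + 1 >= n) break;              /* lone IAC at end of buffer */
        unsigned char cmd = in[i + 1];
        if (cmd == IAC) {                   /* IAC IAC = literal 0xff data */
            if (w < cap) out[w++] = IAC;
            i += 2;
        } else if (cmd == DO || cmd == DONT || cmd == WILL || cmd == WONT) {
            if (i + 2 >= n) break;          /* option byte not yet received */
            if (in[i + 2] == TELOPT_ECHO && cmd == DO)   *reply = ECHO_ACCEPTED;
            if (in[i + 2] == TELOPT_ECHO && cmd == DONT) *reply = ECHO_REFUSED;
            i += 3;
        } else if (cmd == SB) {             /* skip subnegotiation up to IAC SE */
            i += 2;
            while (i + 1 < n && !(in[i] == IAC && in[i + 1] == SE)) i++;
            i += 2;
        } else {
            i += 2;                         /* other two-byte command */
        }
    }
    return w;
}

int main(void) {
    /* Constructed client input: IAC DO ECHO followed by "secret\r\n". */
    const unsigned char in[] = { IAC, DO, TELOPT_ECHO, 's','e','c','r','e','t','\r','\n' };
    unsigned char out[32]; enum echo_reply r = ECHO_NO_REPLY;
    size_t w = telnet_filter(in, sizeof in, out, sizeof out, &r);
    printf("%zu data bytes, echo reply=%d\n", w, (int)r);
    return 0;
}
```

If the reply is `ECHO_REFUSED`, or none arrives, the client may still be echoing locally, so the prompt cannot assume the password stayed off the screen or out of a shared client log.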